[Snort-users] Still Help Needed: i want to make a firewall

Matt Kettler mkettler at ...4108...
Wed Apr 16 19:19:13 EDT 2003


At 05:28 PM 4/16/2003 -0700, Michael Steele wrote:
>Bottom line is to use what you're comfortable with. Snort CAN be installed
>securely on either platform (Windows or *nix).


Agreed whole heartedly. Although properly securing a windows box is just as 
complex a problem as properly securing a unix server, it's not impossible. 
The only degree to which it is worse is the absolutely horrid history of 
exploits to IIS (not that Apache is any better).

I certainly would question the wisdom of running snort on a NT box that 
sits outside your firewall and runs IIS on the external interface. But I'd 
also question the wisdom of doing the same thing with a Linux box running 
Apache, bind, ssh, or sendmail on the external interface. Anyone doing 
either of these setups is just _asking_ to be exploited in the worst 
possible way.


Although all of this this OS difference banter still doesn't address his 
original problem, which was needing a firewall. Snort just isn't a 
replacement for one, no matter what platform you run it on.






More information about the Snort-users mailing list